<?php
namespace Mapi\Controller;
use Think\Controller;
header('Access-Control-Allow-Origin: *');
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept");
header('Access-Control-Allow-Methods: GET, POST, PUT,DELETE');
header("Access-Control-Allow-Credentials: true");
class BaseController extends Controller
{
    protected $app_key = 'HbsGrading'; //用于app提交的数据,验签key
	protected $_uinfo = '';
	protected $_user = array();

	//不需登录验证页，建议需要登录的页加上uid判断
	protected $_no_login = array();
	
	//登录、未登录兼容的页面
	protected $_auth_login = array(
        'index.index',        

	);
	
	//需要验证签名
	protected $_need_check = array(
	);	
		
	public $sta_time;//程序开始时间，用于记录脚本执行时间
	
	// 需要开启页面缓存的method
	protected $_open_cache = array(
	);

    protected $_result = array('code'=>1,'data'=>array(),'message'=>'');

	public function _initialize()
	{
	    $this->_no_login = include(APP_PATH.'Mapi/Conf/no_login.php');
	    $this->_menu = include(APP_PATH.'Mapi/Conf/config.php');

		$this->sta_time = microtime(true);
        $this->_auth_login = array_map('strtolower',$this->_auth_login);
        $this->_no_login = array_map('strtolower',$this->_no_login);
        $this->_open_cache = array_map('strtolower',$this->_open_cache);

        $tmp = explode('.', $_GET['method']);
		$app_v = isset($_GET['app_v']) ? $_GET['app_v'] : '1.0';
        !defined('APP_V') && define('APP_V',$app_v);
        //用户请求的api不在_no_login里，则需要执行$this->_auth();验证
        if(!in_array(strtolower($_GET['method']), $this->_no_login) && !in_array(strtolower($tmp[0]).".*", $this->_no_login)) {
            $this->_auth();
        }
	}
	/**
	 * 校验用户token，获取用户基本数据
	 */
	public function _auth()
	{
		//===假数据测试用
		return true;
		//===假数据测试用

	}

	/**
	 * 格式化mapi的返回格式
	 */
	public function apiReturn($code = 0,  $data = '' ,$msg = '',$json_option=0)
	{
        array_walk_recursive($data, 'stripNull');
        array_walk_recursive($data, 'http2https');
        $json = array(
            'code' => (int)$code,
            'data' => $data,
            'message' => (string)$msg,
            );

		//记录日志 add by shang 2015 09 30
		$run_time = number_format(microtime(true) - $this->sta_time,'6','.','');
		$data = array_merge(I("post."), array("ip"=>$_SERVER['HTTP_X_FORWARDED_FOR'], "run_time"=>$run_time));
		//\Lib\Log::save("mapi_call", $data);
		
        //是否是jsonp输出
        $jsonp = trim($_GET['callback']);
        if(!empty($jsonp)){
            $this->ajaxReturn($json, 'jsonp',$json_option);
	    }

	    $data = array(
	        'params' => json_encode($_POST),
            'api_url' => isset($_GET['method']) ? trim(strip_tags($_GET['method'])) : '',
            'response' => json_encode($json),//返回结果
        );
        //记录日志
		$this->ajaxReturn($json, 'json',$json_option);
	}

    public function signCheck()
    {
        $data = $_POST;
        //签名
        $sign = strtolower(trim($data['bzsign']));
        //效验参数
        if( empty($sign) ){
            return false;
        }


        unset($data['bzsign'],$data['app_key'],$data['_'],$data['callback'],$data['key'],$data['method'],$data['v']);

        //效验token
        ksort($data);

        $postData = '';
        foreach($data as $k=>$v){
            $postData .= $k.'='.$v.'&';
        }
        //echo $postData.$this->app_key;exit;
        $md5 = strtolower(md5($postData.$this->app_key));
		var_dump($data,$sign,$md5);

        return $md5==$sign || ($_SERVER['ENV_NAME'] != 'product' && $sign=="qyshang");
    }

    /**
     * 字符串转数字
     *
     * @param array $arr
     * @return array
     */
    protected function string2number( $arr = array() )
    {
        if ( is_array($arr) ) {
            foreach ($arr as $key=>$value) {
                if ( is_numeric($value) ) {
                    $arr[$key] = (int) $value;
                }
                elseif ( is_array($value) ) {
                    $arr[$key] = $this->string2number($value);
                }
                else {
                    $arr[$key] = $value;
                }
            }
        }
        return $arr;
    }
}
